loading...

Is it safe to use Disqus for my Blog?

developertharun profile image Tharun Shiv ・1 min read

Hi,
I recently made by Blog into a PWA. I wanted to add a secure comments feature to the website. I came across Disqus. I integrated Disqus using 'disqus-react' package.

I noticed that the cookies are active when I use Disqus, also their privacy policy looks fishy to me.

Can you throw some light on this? Should I use Disqus, if yes, then is it safe for the users?
What are the alternatives to Disqus, if I want a comment feature on my static site built using GatsbyJs?

My blog: https://tharunshiv.com

Thank you in advance

[deleted user] image

[Deleted User]

Discussion

markdown guide
 

What if we let people embed the DEV comment section on their personal sites when folks are cross-posting to both places?

You know we'd do it in the most performant way possible 😄

 

That would be amazing! Even better would be if my Gatsby website could grab posts directly from DEV.

 
 

Hii Ben,
Firstly, I'm super excited to see your comment on my post! Thanks a lot for your phenomenal work on Dev Together. All the very best on your future endeavours.

Yeah, would be happy to use that. Is there a way to do that?

 

No not yet, but it could happen. Just need to figure it out.

Okay, we would love it! I'll also try to figure it out and contribute to the code then. 🙌

 
 
 

This would be absolutely amazing! I've been wondering whether I should add a comment section to my blog. I'm always cross posting to DEV, so it makes sense to link the comments if I add a section to it.

 
 

I would replace disqus on my blog with this

 

This would be so Cool. I've been looking at adding dev comments to my site, 2-way would be so next level!

 

What about the ”Sign with Dev” feature?

It would be good. I think Disqus should have this feature as a premium feature :)

 

Hello! Founder of Hyvor Talk, a Disqus alternative, here.

Basically, I started Hyvor Talk because Disqus doesn't seem to fit my blog. Why?

Disqus isn't a commenting system. It is a data-sharing company, which collects data through its comments system. When Zeta Global (an ad-tech company) acquired Disqus in 2017, they started showing ads on websites to monetize the free plan. This is a privacy concern for all of the visitors of your website. On the one hand, they collect the data and sell it to other companies like Twitter (See data.disqus.com). On the other hand, they allow other third parties like Viglink to collect data from your website.

There are some articles about Disqus's privacy concerns.

Most of the Disqus's users are using their free plan. However, they pay a lot of money by allowing Disqus to track the users (like Whatsapp is to Facebook). And, there's no note about whether they turn off tracking when you upgrade to their paid plans.

Hyvor Talk is built to avoid this privacy concern. So, how do we monetize it? Simple: We use subscriptions.

Most paid customers of ours are companies who are integrating Single Sign-on on their websites (Check out FusionAuth blog, click Login and you'll be redirected to their login - not Hyvor login) and news sites.

Hyvor Talk is free up to 1 website and 40,000 monthly page views, which means that most individual bloggers don't need to worry about paying for the comments system. We do not track users or place ads even in the free plan.

For React, there's hyvor-talk-react

 

This looks great. I've been looking to replace Disqus on my blog for some time already. But the only not-self-hosted alternative I found was Muut, which I did not like a lot. Perhaps I'll just move to Hyvor Talk then.

 

Sure, you can also import the comments from Disqus to Hyvor Talk in a few clicks :)

 

Single-Sign-On is expensive Business $35 PER MONTH, otherwise $5 PER MONTH is as cheap as the smallest DigitalOcean Droplet (where you can host anything, anyway).

Do I have to care who commented to me?

 

Hello Pacharapol,

Thanks for the reply.

Yes, $35 can be expensive for some. But, our target for the business plan is companies. They are willing to pay more than $35 for the functionalities we provide.

By the way, do you have a website you hope to set up SSO?

Truthfully, I don't really know whether I should have commenters' credential. Should it remain anonymous, or should it be identifiable? Safety (of both client and server) should be the first concern.

Currently, I use Remark42 (with SPA tweak), to make it possible to both anonymous and SSO with Google. It is self-hosted, so it does have costs. An upside is, I can use it with as many websites as I want in one database.

Indeed, an upside of using a paid service, is you get supported.

Truthfully, I don't really know whether I have about commenters' credential. Should it remain anonymous, or should it be identifiable? Safety (of both client and server) should be the first concern.

Usually, logins/SSO for comments are used by websites that already have an authentication system. For example, take X company that provides a service for 1000 users. To allow those users to comment on their blog, they will need to ask them to signup for Disqus, Hyvor Talk, or whatever commenting platform. If they set up SSO, they can allow those users to use their accounts on their main platform. (Users love it - so do companies)

Self-hosting or using a hosted solution is completely personal preference :)

What do you think of requiring email, and possibly generating Gravatar?

Actually, Gravatar has its own problem -- dev.to/gajus/stack-overflow-is-lea...

My personal opinion is, requiring login will prevent bots from spamming your website.

Hyvor users can set their profile picture. For guest commenters, there's a bunch of avatars to select.

You see Gravatar everywhere on the web, because of WordPress. However, I don't think we'll use it because

  1. There is a lot of large databases for md5 reverse lookups.
  2. The default picture when the email is not found isn't appealing (I don't know if it's possible to change the default)

And, we don't want to require emails. It's completely up to the owner of the website (can be changed in the console).

 

That is amazing! Thank you for sharing your product here. Will test this out today. 🙂

 
 

I was using, then I uninstalled it due to its performance issues in WordPress.

 

Okay. Should we display a banner or popup on our website pages telling that we are using Third party cookies, "accept & close" something like that??

 
 

Try utteranc.es/ open source, you have control over your data.

Here's a live example
public-apis.io/daily-co-video-api,

 

It looks like Microsoft has control over your data in this project.

 

How do you say that? Just curious

He's somewhat right, since Microsoft own github. Imagine not having a backup of those comments and one day Github says pay microsoft for accessing your repo or go home.

Ah in that sense.. okay.. got it.

 

Thank you Fayaz, yeah will check it out🙂

 

Disqus was acquired by an advertising firm so I no longer trust them.

Their system also adds 2MB of bloat to the page according to my measurements.

I got rid of it and switched back to stock WordPress comments, with Akismet anti-spam it's good enough for me, although that doesn't work for a jamstack setup.

You should also look into self-hosting Commento!

 

Oh I see.. thanks a lot for sharing your experience.. will check out Commento 🙂

 

I used to look at this list -- gohugo.io/content-management/comme... -- perhaps you are looking for, Commento? Although Utterances should also work well in programming community.

I also love Discourse, but not sure about the costs.

I am using Remark42, but it isn't really SPA ready. -- github.com/umputun/remark42/pull/723

 

Thank you very much for sending me the right tools, I'll check them out 🙂

 

It gets blocked by uBlock and other adblockers, so I would say no.

 

Oh damn.. okay... Thanks for sharing 🙂

 
 

I see.. okay. Thank you for sharing 🙂